Skip to main content
POST
/
api
/
v1
/
sub-accounts
/
{sub_auth_id}
/
kyc
/
digilocker
/
initiate
DigiLocker initiate
curl --request POST \
  --url https://api.vobiz.ai/api/v1/sub-accounts/{sub_auth_id}/kyc/digilocker/initiate \
  --header 'Content-Type: application/json' \
  --header 'X-Auth-ID: <api-key>' \
  --header 'X-Auth-Token: <api-key>' \
  --data '
{
  "redirect_url": "https://partner.example.com/kyc/callback"
}
'
import requests

url = "https://api.vobiz.ai/api/v1/sub-accounts/{sub_auth_id}/kyc/digilocker/initiate"

payload = { "redirect_url": "https://partner.example.com/kyc/callback" }
headers = {
"X-Auth-ID": "<api-key>",
"X-Auth-Token": "<api-key>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {
'X-Auth-ID': '<api-key>',
'X-Auth-Token': '<api-key>',
'Content-Type': 'application/json'
},
body: JSON.stringify({redirect_url: 'https://partner.example.com/kyc/callback'})
};

fetch('https://api.vobiz.ai/api/v1/sub-accounts/{sub_auth_id}/kyc/digilocker/initiate', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
{
  "auth_url": "https://api.digitallocker.gov.in/public/oauth2/1/authorize?...",
  "access_request_id": "AR_xxxxxxxx"
}
Starts a DigiLocker-based Aadhaar verification. Returns the DigiLocker authorization link and an access_request_id. Redirect the customer to the link to complete OAuth on the DigiLocker portal, then finalize with DigiLocker Verify.
Authenticate with your parent main account’s X-Auth-ID and X-Auth-Token — the same credentials used everywhere else in the API.
1

Initiate

Call this endpoint with your redirect_url (and optional oauth_state). Capture access_request_id and send the customer to the returned auth_url.
2

Customer completes OAuth

The customer authorizes on the DigiLocker portal and is returned to your redirect_url.
3

Verify

Call DigiLocker Verify with the access_request_id.

Request body

FieldTypeRequiredDescription
redirect_urlstring (URI)YesWhere DigiLocker returns the customer after OAuth.
oauth_statestringNoOpaque value echoed back on the redirect — use it for CSRF protection by comparing it to a value you stored before redirecting.

Response example

200 OK
{
  "auth_url": "https://api.digitallocker.gov.in/public/oauth2/1/authorize?...",
  "access_request_id": "AR_xxxxxxxx"
}
Store the access_request_id against the customer’s session before redirecting. The OAuth round-trip happens in the customer’s browser; you finalize server-side in the next step using this id.

Authorizations

X-Auth-ID
string
header
required

Your Vobiz account Auth ID

X-Auth-Token
string
header
required

Your Vobiz account Auth Token

Path Parameters

sub_auth_id
string
required

The sub-account's Auth ID.

Example:

"SA_XXXXXX"

Body

application/json
redirect_url
string<uri>
required
Example:

"https://partner.example.com/kyc/callback"

oauth_state
string

Opaque value echoed back on the redirect for CSRF protection.

Example:

"opaque-state-xyz"

Response

200 - application/json

DigiLocker authorization link